CVSS: 7.5EPSS: 68%CPEs: 17EXPL: 0CVE-2011-2730 – Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
https://notcve.org/view.php?id=CVE-2011-2730
05 Dec 2012 — VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814 • CWE-16: Configuration •
CVSS: 7.5EPSS: 21%CPEs: 2EXPL: 1CVE-2011-2894 – Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization
https://notcve.org/view.php?id=CVE-2011-2894
04 Oct 2011 — Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang... • https://github.com/pwntester/SpringBreaker • CWE-502: Deserialization of Untrusted Data •